Is Your Email Address Safe from Spambots?

Every day, email harvesting computer programs (aka SpamBots) are searching the internet, looking for email addresses to harvest and add to their spam target lists and databases. If you post your email address on your website or blog, or on a social media site, it will be found by the spambots. It will be harvested, and your email inbox will soon be flooded spam. It's only a matter of time. Fortunately, there are ways to protect against this, you simply need to "protect" your email address, which involves making it so that the spambot programs can't recognize and read it, but so humans still can read it. It's easy to do, and I describe how to do it below.

But why worry about spam email?Yes, we all have spam filters on our email programs that route (most of) the spam to our spam folders. It's hard to image life without spam filters! But I believe we are too reliant on them, and it's better to stop the incoming spam from ever coming in the first place.First, the main problem I see with spam filters is that legitimate emails sometimes end up in the spam folder (false positives). If you don't get very much spam, you can always wade through your spam folder to look for legitimate emails, but if you get too much spam, it's temping to just dump it without checking (and thus dump unread legitimate emails).Second, I regularly see spam emails make it past my spam filter and end up in my regular email inbox. And some spam emails are becoming more potentially dangerous. Spammers are masquerading as legitimate businesses, and they are trying to trick you into reading their email and then clicking a link or viewing a seemingly legitimate attachment. However, the links and attachments are viruses. Just this week I saw a news report on a warning from the FTC not to open certain emails you might receive. I'm skeptical by nature and don't think I would ever be tricked (though my father was chagrined to have his computer infected by malware by an email link he was tricked into clicking). My guess is that spammers will only get more clever with their deceptive attempts, so why put yourself and your employees at risk if you can avoid having your email address harvested and put on their list in the first place?

Will your email address really get harvested?Yes. If your email address is posted on the internet, it's only a matter of time. I speak from personal experience (and embarrassment). I've been using unicode to protect my email addresses since 2004, but last year (2013) I set up a small personal website and put a contact email address on it and forgot to encode or protect the email address. As the website was more of a test project, I neglected it for many months, but then started working on it again recently and checked the email box. I was stunned to find it filled with SPAM, and traced it all back to the unprotected email address on the website. Even though I have changed the contact email address and have protected the new address, I still see 20-30 spam emails come in every day. And this is all from an email address posted on a fairly obscure personal website.

How do you stop the spambots?Fortunately, it is very easy to defeat the majority of the spambots.If it's your own website or blog and you/or you can write the html, you simply need to convert your email address (in the html code) to unicode (i.e. the unicode for the letter "a" is "&#97;". From my research and own experience over ten years, most spambots don't read unicode and thus don't recognize it as an email address. But browsers do read and translate unicode, so your human visitors will still see your real email address. You can use this handy dandy unicode converter to do it.If your email address is joe@mydomain .com, the unicode equivalent you would use in your html code is:&#106;&#111;&#101;&#64;&#109;&#121;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;

If you can't write or change the html coding (such as when posting your email address on a social media site, then I suggest writing it as joe (at) mydomain.com. I have also researched and tested this technique and found it to be quite effective.

It's easy to do, you just need to do it!It's so easy to convert your email address to unicode, or at least write "at" instead of "@". Doing either of these will defeat the majority of spambots. There really is no excuse for not doing it. There are more complicated ways of protecting your email address with javascript and css encoding, which I discuss in more detail here, but again, my ten years of experience with battling the spambots have found unicode and writing "at" to be surprisingly effective, and easy for anyone to do.